Jessy Irwin on Online Security

Description

While in San Francisco, I had the privilege of spending some time with Jessy Irwin to discuss all things security. Lately, with a rash of security breaches, I've become concerned about how safe I've been online. I knew there were some things I could do personally and as a developer to be more secure, but thought I should check in with someone who knows tons more than I. Jessy did not disappoint! Thankfully, I received the scolding I needed (and deserved) regarding some of my more insecure online practices, along with some tips to become a more secure developer. I hope you enjoy our conversation as much as I did!

This is a great question! For Single Sign On services, it is important to be aware of how accounts can be linked together. I recommend using a very strong password (long, random, unique... preferably generated by your password manager), turning on two-factor authentication for that service, and keeping notes in the password manager about the services you've authorized to rely on those credentials. Once every quarter, I go in and review accounts that are linked to SSO services, especially anything connected to a social media account or a service tied to my identity for email, and I nuke anything that hasn't been used in a few months, anything that looks weird, or anything I know I have not used in a while. Because all of your eggs are resting in one SSO basket, so to speak, it's best to review this regularly and stay on top of the credentials. Because they can be linked to so many places, they're high-value targets for sure.

If you're wanting to use SSO, but also maintain anonymity or a separate identity, just make sure that the streams of your real identity and your anonymous handle never cross.